From 227c78fdad2fbf00ca758f9687f6e5094e18ae7b Mon Sep 17 00:00:00 2001 From: "@" <@> Date: Fri, 23 Oct 2020 17:20:25 -0500 Subject: [PATCH] retitle --- Tactics/CredentialAccess.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tactics/CredentialAccess.md b/Tactics/CredentialAccess.md index e06af44..4fa2105 100644 --- a/Tactics/CredentialAccess.md +++ b/Tactics/CredentialAccess.md @@ -80,7 +80,7 @@ For simplicity, we're detecting a Cmdline used for both psexec (the test) as wel TgtProcCmdLine ContainsCIS "save HKLM\security\policy\secrets" ` -### T1003.001 LSASS Memory +### T1003.001 LSASS Memory Dumping Atomics: [T1003.001](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md) This one may look crazy but it's not. Detection of wce by hash, procdump, comsvc, dumpert, mimikatz, pypykatz, and werfault all in one query.
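Review bot: The retitled heading on the `+` line, `### T1003.001 LSASS Memory Dumping`, no longer matches the ATT&CK sub-technique name for T1003.001, which is "LSASS Memory". If the other headings in Tactics/CredentialAccess.md follow the `ID Official Name` pattern, this one now stands out and is harder to find by searching for the technique name. Either keep the official name and put the clarification in the body text, or apply the same descriptive style to every heading in the file. Renaming a Markdown heading also changes its generated anchor, so check the repository for a table of contents or cross-links that point at the old `LSASS Memory` anchor and update them in this commit. The subject line `retitle` would also be easier to trace later if it named the heading being changed.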